How should I be concerned about Ransomware attacks?

How should I be concerned about Ransomware attacks?

Since the emergence of Wannacry in 2017, the ransomware subject has always been present in the agendas of executives in companies of all industries and sizes. And in 2023, I believe it won't be different: according to a study by Sophos, 66% of the organizations surveyed were victims of ransomware attacks in 2021. 

To get an idea of this increase, this percentage was 37% in 2020. And with the emergence of new variants of ransomware and Ransomware-as-a-Service, the trend is that this percentage will only increase. In practice, this means a greater ability to scale the development of this type of malware, since no programming knowledge is required to develop ransomware. 

The same study by Sophos indicates that 57% of organizations noticed an increase in the number of cyberattacks and 59% experienced greater complexity in these attacks in the last year. Moreover, 53% of the surveyed companies noted an increase in the impact of these cyberattacks. 

One of the consequences was a higher success rate of malicious attackers in encrypting their victims' data. While in 2020 this rate was 54%, this percentage reached 65% success in attacks of this nature in the study for the year after. The costs associated with ransomware attacks are also high:

according to Cybersecurity Ventures, by 2031, ransomware will cost companies more than $265 billion. 

These factors also make the work of detecting and responding to ransomware incidents even more difficult for security teams. In addition, CheckPoint elected ransomware as the number one threat to organizations. This is mainly due to the impact this type of attack brings on a business. Imagine your organization having all your data encrypted, and that you, as responsible for security, have not prepared any contingency plans for recovery of the environment, including defined and properly tested backup policies. As far as I am concerned, if that is your case, there is not much you can do. That's because, even if you consider paying the ransom for your data (which I do not recommend), chances are you won't recover them in full. 

Sophos' research indicates that 46% of organizations affected by ransomware have paid the ransoms required by criminals, but only 4% have been able to fully recover their data. Also, almost a third of companies were unable to recover even half of their encrypted data. We must also consider the risk of data leaks, especially those considered sensitive, in addition to personal data.

And there is no point in hiring cyber insurance to transfer risks related to ransomware. To assume this risk, insurers will certainly evaluate their environment and impose the implementation of several security mechanisms, including the definition of robust backup policies and Incident Recovery Plans. It is worth remembering these plans must take into account the organizational risk assessment and the company's risk appetite, in addition to the business strategy itself. 

Moreover, governments themselves are considering the new business risks introduced by ransomware attacks.

Gartner estimates that 30% of countries will have some specific ransomware legislation by 2025.

To have an idea, this percentage did not reach 1% in 2021. Not to mention the heavy sanctions of data protection laws. In the case of the European data protection law, an organization that suffers a cyberattack that leads to data leaks from residents in Europe is subject to the sanctions provided for in GDPR. This means they are subject to penalties of up to €20 million or 4% of their turnover. In the case of the California Consumer Privacy Act (CCPA), sanctions amount to $7,500 for each intentional violation. 

Efforts to mitigate the risks associated with ransomware attacks include the implementation of policies, processes, and procedures. These policies should encompass the definition and periodic verification of backup policies for data recovery in case of infection. In addition, Security teams must implement Vulnerability Management policies in order to address failures that can be exploited in cyberattack attempts. 

The prevention of ransomware attacks also involves the adoption of Zero Trust in companies. This means the implementation of strategies based on continuous verification of the user's identity by using approaches such as the Principle of Least Privilege. In practice, this means having full visibility of where the accesses are made and by whom. These strategies include acquiring and deploying technologies such as Endpoint Detection and Response (EDR), Privileged Elevation and Delegation Management (PEDM), Intrusion Prevention System (IPS), and Network Traffic Analysis (NTA).

Finally, I believe the way to prevent and combat attacks involving ransomware must go through the “people” aspect. This means investing in raising awareness among your employees and third parties to identify social engineering and phishing attacks, which are the preferred attack vector for cyber attackers. Security leaders must also invest in training their teams to operate the tools acquired and execute the processes previously defined.

The question is not whether, but when an organization will suffer a cyberattack. And the impact brought by a ransomware attack is considerable: having data encrypted and being unable to recover it can make any company simply have to close its doors. Therefore, security leaders should be concerned with defining policies and processes, as well as implementing specific security solutions to mitigate the effects of ransomware attacks. 

In addition, investing in cyber awareness and training the Security team to respond to ransomware attacks directly impacts the possible effects this type of attack has on companies. In this way, you can guarantee the shortest recovery time of the environment, as well as ensure business continuity.

Thiago de Campos Visnadi

Advogado / membro da ANPPD / Mentor de Startups / CLO / COO

1y

👏👏👏

Like
Reply
Fernando Stacchini

Head of Technology / Digital Business / Intellectual Property at Motta Fernandes

1y

👍👍👍

Like
Reply
Juliana Moura

Founder & CEO @UmbrellaTalent e Consultora Sr na rede @Prime Futuração Empresarial | Recrutamento e Seleção de Alta Performance | RPO | Gestão Inteligente de Benefícios

2y

👏👏☂️☂️

Like
Reply

To view or add a comment, sign in

More articles by Marcus Scharra, MSc

Insights from the community

Others also viewed

Explore topics